snuffleupagus/src/sp_cookie_encryption.c, branch 85beta2Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
http://git.dustri.org/snuffleupagus/atom?h=85beta22025-09-01T11:44:31ZAdd support for PHP8.52025-09-01T11:44:31Zjvoisin2025-08-31T14:05:44Zurn:sha1:508ebee8aff151f147c69d6fbe3ad35301552983Do not crash on no cookie hash key2025-06-25T17:38:30ZChristian Göttsche2025-06-25T09:43:58Zurn:sha1:d4e010846d9d8db8bf6e1fec9a2c39ed762e257d
Do not dereference the hash key for cookie encryption if it's NULL:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 zend_string_equal_content (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:386
No locals.
#1 zend_string_equals (s1=0x79bdb92170f0, s2=0x0) at /usr/include/php/20240924/Zend/zend_string.h:391
No locals.
#2 sp_match_value (value=0x0, to_match=0x79bdb92170f0, rx=0x0) at ./src/sp_utils.c:273
No locals.
#3 0x00007989377b0709 in sp_lookup_cookie_config (key=0x0) at ./src/sp_cookie_encryption.c:8
config = 0x79bdb92158d0
it = 0x79ae80dabd00
it = <optimized out>
config = <optimized out>
#4 decrypt_cookie (pDest=0x79893b6787c0, num_args=<optimized out>, args=<optimized out>, hash_key=0x7ffe657c3880) at ./src/sp_cookie_encryption.c:19
cookie = <optimized out>
#5 0x000061875aac52df in zend_hash_apply_with_arguments ()
No symbol table info available.
#6 0x00007989377ae74b in zm_activate_snuffleupagus (type=<optimized out>, module_number=<optimized out>) at ./src/snuffleupagus.c:228
config_wrapper = 0x7989377c3490 <snuffleupagus_globals+144>
#7 0x000061875aa21710 in zend_activate_modules ()
No symbol table info available.
#8 0x000061875a9a7f18 in php_request_startup ()
No symbol table info available.
Avoid dropping const qualifier in casts2024-06-06T14:27:35ZChristian Göttsche2024-05-29T18:38:23Zurn:sha1:f40955e03cd361966f927acfaa477cfceb8930e5
Adjusts casts to void dropping const qualifiers. This helps to avoid
mistakes, e.g. modifying string literals.
Also use size_t for length, similar to the upstream php interfaces.
config is stack allocated now + some code improvements (see details)2021-09-23T10:23:40ZBen Fuhrmannek2021-09-23T10:23:40Zurn:sha1:54c352c1b5aa08b187dd1e52e544709cad2b0fee
* for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible
* SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read
* execution_depth is re-initialized to 0 for each request
* function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1
* execution is actually hooked if recursion protection is enabled
* some line breaks were removed to make the code more readable
fixed incorrect debug log invocation2021-08-06T14:40:57ZBen Fuhrmannek2021-08-06T14:40:57Zurn:sha1:2b6086486be69533d0077585c7726b3efa175fe6fix snufflepagus_globals linking issues and one mac compatibility issue2019-06-19T09:04:17ZBen Fuhrmannek2019-06-19T09:04:17Zurn:sha1:3ab467100883adedab71a28e1699799e45ab0b2dFix the cookie's handling for PHP7.3+2019-05-14T20:48:55Zjvoisin2019-05-14T19:57:13Zurn:sha1:1cdb880fac5044194f0bc62dd82fcd4480192ebe
PHP 7.3+ added a new prototype for the cookie
setting mechanism, breaking our ghetto samesite-injection,
this commit takes care of it.
Try to unify the includes2019-02-23T18:36:24Zjvoisin2019-02-23T18:36:24Zurn:sha1:809920b8cb130e105847a9956c51a6ecb08e2938Bump a bit the coverage2018-10-06T16:15:00Zjvoisin2018-10-06T16:15:00Zurn:sha1:aa550b9abadc109a2c89a7cd6dd047ac2a953027
* `setcookie` doesn't always return `true` anymore
* clang-format
* Cookies with invalid decryption are dropped, but the request isn't anymore
* faulty unserialize are now dumpableMinor code cleanup2018-08-30T15:14:08ZxXx-caillou-xXx2018-08-30T15:14:08Zurn:sha1:206ffa3fb3fd72c6a2eb45194fb176535a91288c